SonicWALL 5.8.1 Microscope & Magnifier User Manual


User Management
1011
SonicOS 5.8.1 Administrator Guide
How Does SonicWALL Terminal Services Agent Work?
The SonicWALL TSA can be installed on any Windows Server machine with Terminal Services
or Citrix installed. The server must belong to a Windows domain that can communicate with the
SonicWALL security appliance directly using the IP address or using a path, such as VPN.
For installation instructions for the SonicWALL TSA, refer to the “Installing the SonicWALL
Terminal Services Agent” section on page 1065.
See the following sections for information about the SonicWALL TSA:
“Multiple TSA Support” on page 1012
“Encryption of TSA Messages and Use of Session IDs” on page 1012
“Connections to Local Subnets” on page 1013
“Non-Domain User Traffic from the Terminal Server” on page 1013
“Non-User Traffic from the Terminal Server” on page 1013
[Figure: SonicWALL SSO with Terminal Services Agent. Labels: Internet, SonicWALL UTM Appliance, LDAP Server.]
Figure note: Communication in these steps is encrypted when the user name and domain are included, using a shared key which is generated by the TSA.
1. A client logs into the network via the Terminal Services or Citrix server and attempts to access the Internet or other network resources for the first time.
2. The TSA on the Terminal Services or Citrix server notifies the SonicWALL UTM of the user’s name, domain, the session ID, the connection IP address, port, and protocol. The UTM sends a reply.
3. The SonicWALL UTM queries the LDAP server or the local database for the user’s group memberships.
4. The SonicWALL UTM checks the groups against Firewall, CFS, and App FW policies, and grants access accordingly, allocates a user number for the user on the terminal server, and logs the user in.
5. The user closes the Internet connection and the TSA notifies the UTM of the close.
6. The user opens further connections, and steps (2) and (5), but not (3) and (4), are repeated for each connection.
7. When the user logs out of the terminal server, the TSA notifies the SonicWALL UTM of the logout and the user is logged out on the UTM.
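
The bookkeeping implied by steps 1 to 7, as an added example (not SonicWALL code and not from the manual): a toy Python model of the appliance side, showing that the group lookup and policy step run once per terminal-server session while each connection is attributed by address, port and protocol. The class, method and field names, the choice to key users by terminal-server address and session ID, and the sample data are assumptions; no TSA wire format is modelled.

```python
# Toy model of the appliance-side state in steps 1-7; all names are hypothetical.
class UtmModel:
    def __init__(self, directory):
        self.directory = directory   # stand-in for LDAP/local DB: (domain, user) -> groups
        self.users = {}              # (ts_ip, session_id) -> logged-in user record
        self.conns = {}              # (ts_ip, port, proto) -> (ts_ip, session_id)
        self.lookups = 0             # how many times step 3 ran
        self.next_user_no = 1

    def open_conn(self, ts_ip, session_id, domain, user, port, proto):
        """Step 2: TSA reports a new connection. Steps 3-4 run only on first sight."""
        key = (ts_ip, session_id)
        if key not in self.users:
            self.lookups += 1                                    # step 3: group query
            groups = self.directory.get((domain, user), set())
            self.users[key] = {"user": domain + "\\" + user, "groups": groups,
                               "user_no": self.next_user_no}     # step 4: log user in
            self.next_user_no += 1
        self.conns[(ts_ip, port, proto)] = key
        return self.users[key]["user_no"]

    def close_conn(self, ts_ip, port, proto):
        """Step 5: TSA reports the connection closed; the user stays logged in."""
        self.conns.pop((ts_ip, port, proto), None)

    def logout(self, ts_ip, session_id):
        """Step 7: drop the user and any connections still mapped to the session."""
        key = (ts_ip, session_id)
        self.users.pop(key, None)
        self.conns = {c: k for c, k in self.conns.items() if k != key}

    def who(self, ts_ip, port, proto):
        """Attribute traffic from the terminal server to a user, or None if unknown."""
        key = self.conns.get((ts_ip, port, proto))
        return self.users[key]["user"] if key else None


def demo():
    # Constructed sample data: two users sharing one terminal server address.
    utm = UtmModel({("CORP", "alice"): {"Staff"}, ("CORP", "bob"): {"Contractors"}})
    ts = "10.0.0.5"
    utm.open_conn(ts, 2, "CORP", "alice", 50001, "tcp")
    utm.open_conn(ts, 3, "CORP", "bob", 50002, "tcp")
    utm.open_conn(ts, 2, "CORP", "alice", 50003, "tcp")    # step 6: no new lookup
    utm.close_conn(ts, 50001, "tcp")
    seen = [utm.who(ts, p, "tcp") for p in (50001, 50002, 50003)]
    utm.logout(ts, 2)
    return seen, utm.lookups, utm.who(ts, 50003, "tcp")
```

In `demo()`, a source port with no open mapping resolves to no user, which corresponds to the non-user traffic case the manual covers in a later section.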